- update to 5.1.1:
* fix vulnerability report: Authentication-Info or Proxy-Authentication-Info are affected by a buffer overflow when building sip messages.
* fix vulnerability report: when boundary only contains one quote, strncpy will use the unsigned value of -1 as size parameter.
* fix: avoid several memory leaks detected in the SDP parser upon invalid SDP formats.
* fix bug #57467: infinite loop in sdp_message_a_attribute_del_at_index
* fix bug #56071: Heap-buffer-overflow in osip_util_replace_all_lws function in osip_message_parse.c
* fix to reject any non compliant answer with missing version digits.
OBS-URL: https://build.opensuse.org/request/show/826910
OBS-URL: https://build.opensuse.org/package/show/network:telephony/libosip2?expand=0&rev=28
- drop patch already in 5.0.0
0001-Patch-2.1-Fixes-heap-buffer-overflow-in-osip_body_to_s.patch
- drop patch already in 5.0.0
0001-Patch-1-Fixes-heap-buffer-overflow-in-_osip_message_to_str.patch
- drop patch already in 5.0.0
0001-Patch-3-Fixes-heap-buffer-overflow-in-osip_clrncpy.patch
- fix a set of buffer overflows:
- add patch for (bnc#1034570, CVE-2017-7853)
SIP_body_len_underflow.patch
- add patch for (bnc#1034571, CVE-2016-10326)
0001-Patch-2.1-Fixes-heap-buffer-overflow-in-osip_body_to_s.patch
- add patch for (bnc#1034572, CVE-2016-10325)
0001-Patch-1-Fixes-heap-buffer-overflow-in-_osip_message_to_str.patch
- add patch for (bnc#1034574, CVE-2016-10324)
0001-Patch-3-Fixes-heap-buffer-overflow-in-osip_clrncpy.patch
- Update to 5.0.0:
* STRUCTURE change: additionnal parameter for "struct osip_srv_entry" used for failover in eXosip2.
* fix overflow: sr #109133: Heap buffer overflow in utility function *osip_clrncpy*
* fix overflow: sr #109132: Heap buffer overflow in *osip_body_to_str*
* fix overflow: sr #109131: Heap buffer overflow in `_osip_message_to_str`
* simplify usage of timercmp/timerisset/timerclear
* optimize list search: use iterator
* improve/update autotools (./configure and options, Makefile.am, ax_thread.m4...)
* verify a URI scheme only contains allowed char
* improve make check (test unit) to make it clear about the results expected.
* fix a possible buffer overflow of 1 byte in sdp_message_to_str (size=sdp allocated size)
* fix cseq check in order to stop retransmission of 200ok
* update to reject negative value in port number
OBS-URL: https://build.opensuse.org/request/show/489638
OBS-URL: https://build.opensuse.org/package/show/network:telephony/libosip2?expand=0&rev=25
- Update to 4.1.0:
* fix sdp re-allocation
* increase max length size
* osip_trace_initialize returns 0 if log are compiled.
* timer e and timer g will use #define DEFAULT_T2 instead of 4000.
* handle additionnal possible malloc failure.
* fix compatibility with old UA for INVITE retransmission.
* fix osip_sem_destroy leak on apple.
* accept lowercase sip/2.0.
- Update to 4.0.0:
* reduce path len // remove path in front of logs.
* accept only SIP/D.D format message.
* fix bug when releasing request with missing major headers.
* fix minor memory leak // remove limitation on fifo size.
* use system independant time for osip_gettimeofday on unix platform.
* To compile/use osip based application in multi threaded
env, you don't need to define -DOSIP_MT any more. Instead,
if you wish to disable the feature, you can compile with
-DOSIP_MONOTHREAD.
* A few other clean up were made inside osip to avoid any
define to appear in include files. Also to avoid conflict,
config.h has been renamed to osip-config.h.
- Patches updated.
- Spec cleanup.
OBS-URL: https://build.opensuse.org/request/show/244943
OBS-URL: https://build.opensuse.org/package/show/network:telephony/libosip2?expand=0&rev=22
- Update to 4.0.0:
* reduce path len // remove path in front of logs.
* accept only SIP/D.D format message.
* fix bug when releasing request with missing major headers.
* fix minor memory leak // remove limitation on fifo size.
* use system independant time for osip_gettimeofday on unix platform.
* To compile/use osip based application in multi threaded
env, you don't need to define -DOSIP_MT any more. Instead,
if you wish to disable the feature, you can compile with
-DOSIP_MONOTHREAD.
* A few other clean up were made inside osip to avoid any
define to appear in include files. Also to avoid conflict,
config.h has been renamed to osip-config.h.
- Patches updated.
- Spec cleanup. (forwarded request 180740 from Fisiu)
OBS-URL: https://build.opensuse.org/request/show/181071
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libosip2?expand=0&rev=21
- Update to 4.0.0:
* reduce path len // remove path in front of logs.
* accept only SIP/D.D format message.
* fix bug when releasing request with missing major headers.
* fix minor memory leak // remove limitation on fifo size.
* use system independant time for osip_gettimeofday on unix platform.
* To compile/use osip based application in multi threaded
env, you don't need to define -DOSIP_MT any more. Instead,
if you wish to disable the feature, you can compile with
-DOSIP_MONOTHREAD.
* A few other clean up were made inside osip to avoid any
define to appear in include files. Also to avoid conflict,
config.h has been renamed to osip-config.h.
- Patches updated.
- Spec cleanup.
OBS-URL: https://build.opensuse.org/request/show/180740
OBS-URL: https://build.opensuse.org/package/show/network:telephony/libosip2?expand=0&rev=18
